This article can also be found in the Premium Editorial Download "Information Security magazine: Comparing seven top integrated endpoint security suites."
Though McAfee's management GUI was disappointing, ePO's reporting features are excellent, including more than 70 different reports that break down all aspects of the enterprise. The point-and-click custom report creation tool is stellar, making it easy for people who are not database experts to massage the information into highly useful reports.
Symantec is also solid, offering more than 70 reports, with impressive performance. Symantec's custom reporting capabilities are focused on defining filters for its existing reports to create useful subsets, a valuable capability but somewhat less flexible than McAfee's.
The IBM ISS reporting tool provided good coverage, addressing long-term trends and top attacked and infected machines. However, getting at the report files is a little obscure. Admins have to remember where they were generated in the file system to open the report from within the management GUI. Further, to open a report, you have to right-click on it and go to "Properties," a bizarre GUI twist that takes some getting used to.
Trend Micro's reporting is handled by a separate product, Trend Micro Control Manager, which is not tightly bundled into the existing management GUI, making a little more work for installation and use. On the positive side, this separate reporting tool applies to all Trend Micro enterprise products, including gateway security appliances, antispam products, etc. It's included in the purchase of the endpoint suite, and provides a full complement of well-laid-out reports.
eEye's built-in reporting features are decent and offer some features for creating custom queries in its published database schema. However, building custom or tweaked report queries is a complicated process, even using the built-in templates.
CA's reporting for antivirus and antispyware is stellar, with more than 70 reports available. Unfortunately, CA's HIPS and firewall features offer very little reporting, with only about a dozen high-level reports providing much less visibility into these important aspects.
Sophos' reporting capabilities are quite skimpy. Only about a dozen reports are available. They don't include Top 10 style reports of most infected systems, users or groups. The look and feel of the reporting engine makes the product appear better suited for small and medium businesses, rather than large enterprises. However, Sophos publishes its database schema for customers to use with third-party reporting tools, such as Crystal Reports.
This was first published in November 2007